Skip to main content

Mega users: If you're hacked once, you're hacked for life

posted onJanuary 21, 2013
by l33tdawg

Kim Dotcom's launch of Mega has touted the big tagline of being bigger, better, faster, stronger, and safer, but while Dotcom promises 128 bits of AES encryption and the use of 2048 bits of RSA public/private key infrastructure, I'm not too convinced about the last aspect of his sell: the safety.

Mega's security operates in a different way to a lot of other sites. Its use of public/private pair keys is a good step for ensuring that no one but the owner of the private key pair has the ability to decrypt files that are stored in its cloud service, but it appears to also be tied into the password used to set up the account.

Mega's site states that it is "the master encryption key to all of your data" and that "if you lose it, you lose access to all of your files that are not in a shared folder and that you have no previously exported file or folder key for." However, tying the password deeply into the encryption scheme also means that it is impossible to reset or change a user's password without throwing away the encryption keys. Combined with the current inability for users to close their account and create a new one, and users are stuck with whatever password they signed up with. Hopefully, that wasn't "password," while they figured out whether they wanted to keep using the service.

Source

Tags

Security megaupload mega

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th